Best way to patch exeDSP?

General forum for C series TVs.

sectroyer
Official SamyGO Developer
Posts: 6305
Joined: Wed May 04, 2011 5:10 pm

Re: Best way to patch exeDSP?

Post by sectroyer »

YES. Because _ZN7CCDebug5ResetEv is exeDSP symbol and NOT libahas.so :) To get this you need to dlopen exeDSP, like this:

Code: Select all

void *h = dlopen(0, RTLD_LAZY);
:)
I do NOT support "latest fw" at ALL. If you have one you should block updates on router and wait for it to STOP being "latest":)
If you want me to help you please paste FULL log(s) to "spoiler"/"code" bbcodes or provide link(s) to pasted file(s) on https://pastebin.com Otherwise "NO HELP"!!!
If you want root DISABLE internet access to your device!!!!
DO NOT EVER INSTALL FIRMWARE UPGRADE !!!!
Neoplane
Posts: 9
Joined: Thu Apr 12, 2012 3:38 pm

Re: Best way to patch exeDSP?

Post by Neoplane »

I can dopen(0, RTLD_LAZY), but after that I'm still unable to dlopen(libahas.so, RTLD_LAZY), and also unable to get a handle on dlsym(h, myFunction).

I'm getting a handle at 0x400266d0 for dlopen(0), but my patching point it's at 0x41ec9c40. I think that it's too far to be confident that I'm getting the correct patch point, isn't it?

Any other clues?
sectroyer
Official SamyGO Developer
Posts: 6305
Joined: Wed May 04, 2011 5:10 pm

Re: Best way to patch exeDSP?

Post by sectroyer »

ehhh I am getting confused :) Better paste part of your code that does this dlopen/dlsym dance :)
I do NOT support "latest fw" at ALL. If you have one you should block updates on router and wait for it to STOP being "latest":)
If you want me to help you please paste FULL log(s) to "spoiler"/"code" bbcodes or provide link(s) to pasted file(s) on https://pastebin.com Otherwise "NO HELP"!!!
If you want root DISABLE internet access to your device!!!!
DO NOT EVER INSTALL FIRMWARE UPGRADE !!!!
Neoplane
Posts: 9
Joined: Thu Apr 12, 2012 3:38 pm

Re: Best way to patch exeDSP?

Post by Neoplane »

Here's code

Code: Select all

	void *ldl1 = dlopen(0, RTLD_LAZY);
	if(debug)
	{
		printf("dlopen 0 at: 0x%08x\n", ldl1);
	}

	unsigned char *lib = "/mtd_exe/Comp_LIB/libahas.so";
	void *ldl = dlopen(lib, RTLD_LAZY);
	if(debug)
	{
		if(!ldl)
		{
			printf("dlopen libahas failed: '%s'.\n", dlerror());
		}
		else
		{
			printf("dlopen libahas at: 0x%08x\n", ldl);
		}
	}
	
	unsigned char *fn_name = "_ZN4hass16AppleDataHandler12readMetadataERKSsPNS_12IArrayBufferERbi";
	addr=dlsym(ldl1, fn_name);
	if(!addr)
	{
		printf("dlsym '%s' failed.\n", fn_name);
		return 0;
	}
	else
		printf("Found %s location at: 0x%08x\n",fn_name,addr);
And this is output:

Code: Select all

dlopen 0 at: 0x400266d0
dlopen libahas failed: '/mtd_exe/Comp_LIB/libahas.so: undefined symbol: _ZN7CCDebug5ResetEv'.
dlsym '_ZN4hass16AppleDataHandler12readMetadataERKSsPNS_12IArrayBufferERbi' failed.
I need to patch on:
0x41EC9C40 BNE 0x41ec950c <_ZN4hass16AppleDataHandler12readMetadataERKSsPNS_12IArrayBufferERbi+788> <<<<< PATCH

What I mean is, dlopen 0 it's getting too far from patching point, and dlopen libahas it's failing.
sectroyer
Official SamyGO Developer
Posts: 6305
Joined: Wed May 04, 2011 5:10 pm

Re: Best way to patch exeDSP?

Post by sectroyer »

change ldl1 to ldl and report results :)
I do NOT support "latest fw" at ALL. If you have one you should block updates on router and wait for it to STOP being "latest":)
If you want me to help you please paste FULL log(s) to "spoiler"/"code" bbcodes or provide link(s) to pasted file(s) on https://pastebin.com Otherwise "NO HELP"!!!
If you want root DISABLE internet access to your device!!!!
DO NOT EVER INSTALL FIRMWARE UPGRADE !!!!

Post Reply

Return to “[C] General”